Synthetic identity fraud, the fastest-growing form of identity theft, is costing businesses billions globally. In the US alone, where synthetic fraud is already a major problem, the average loss to each confirmed synthetic fraud case is US$15.000 [1]. Over 80% of new account fraud can be attributed to this sophisticated scheme [2]. Perpetrators stitch together real and fictitious data to create entirely new personas. These synthetic identities can remain undetected for years, allowing fraudsters to build a fictitious credit profile and exploit it for financial gain.
Unlike the US with its centralised Social Security system, the UK's data is dispersed across various entities, making it harder to identify synthetic identities. Children and the elderly are particularly vulnerable, as their established addresses and lack of credit history make them attractive targets. Perpetrators of synthetic identity fraud meticulously craft new identities by weaving real data, such as addresses or stolen birth certificates, with fictitious details. Once established, these synthetic personas become a springboard for a multitude of fraudulent activities. The insidious nature of this crime allows it to go undetected for years, as fraudsters meticulously build a fictitious credit history for their synthetic identities.
These fraudsters exploit readily available personal information, often from the dark web, by taking a real person's address and employment details (ideally from someone who hasn't moved in years and has a publicly accessible LinkedIn profile) and combines them with a fabricated name, date of birth, and address. This concoction, sometimes referred to as a "Frankenstein ID" [3], becomes the foundation for fraudulent activities.
The next step involves establishing creditworthiness for the synthetic identity. This is accomplished by using the fabricated persona to open accounts, obtain credit cards, and make minimal initial payments. This allows to gradually build a seemingly legitimate credit. A skilled fraudster plays a long game, carefully cultivating a positive credit profile over time. They may even make legitimate payments on these newly acquired accounts, further solidifying the synthetic identity's credibility. As the credit profile strengthens, additional loans and credit cards are secured or existing lines of credit become more generous, further strengthening the legitimacy of the fabricated persona in the eyes of merchants and banks.
The culmination of this elaborate scheme arrives when the fraudster, having established a robust credit profile with numerous lines of credit and loans, maxes them all out, vanishing with the spoils. Authorities face an uphill battle in tracking someone who only exists in the ether of the web. Because the very foundation of the crime – the identity itself – is synthetic, meaning it doesn't correspond to a real person. This modus operandi allows serial fraudsters to maintain a multitude of synthetic identities, perpetuating this lucrative criminal enterprise. Synthetic identify fraud is therefore a lucrative enterprise with low risks and high rewards.
Combating the Synthetic Threat: A Twofold Approach
Businesses can fortify their defences against synthetic identity fraud by deploying the most advanced identity verification technologies available. These solutions should encompass automated identity verification, document authentication, and public records analysis. A two-step verification process is critical. The first step involves verifying the authenticity of the individual and their government-issued ID through biometric verification. However, this initial step is just the beginning. The second, equally important step, involves verifying whether the individual and their ID details align with public records. Proprietary database verification and public records analysis are essential components of this process.
While this two-step verification may appear cumbersome, it can be streamlined through the use of electronic identification and verification tools, provided these tools incorporate biometric screening technology that bridges the gap between physical and digital identities. Ideally, these tools should replicate the traditional in-person verification process where employees could visually compare a client to their government-issued ID. Biometric screening and liveness testing are therefore crucial in ensuring the legitimacy of both the provided selfie and the government-issued ID.
Even the most adept fraudsters struggle to circumvent comprehensive electronic identity verification checks. Furthermore, due diligence on the underlying information gleaned from public records and proprietary databases is vital to confirm the legitimacy of the details presented on the ID. Essentially, this verification process seeks to confirm whether the name, address, and other personal identifiers exist and are supported by corroborating data.
But the problem is not contained to the corporate world, and losses suffered by banks and insurers. On a larger scale, synthetic identity fraud costs banks and financial institutions billions of pounds each year. This cost can trickle down to consumers in the form of higher fees and interest rates. Personal information is highly valuable; when used to create synthetic identities, it is at risk of being misused, leading to further identity theft or fraud. Additionally, synthetic identity fraud erodes trust in digital and financial systems. If it becomes rampant, it could make people more cautious about using online services and financial products, impacting overall convenience and innovation.
Individuals can also play their role in combating synthetic identity fraud. Regularly monitoring credit reports, a service now offered free of charge by many high street banks, allows for the identification of suspicious activity or unfamiliar accounts. Exercising caution when sharing personal information online is paramount. People should avoid oversharing personal identifiers, addresses, employment history, or other sensitive data. Social media profiles should ideally be restricted to close connections, not accessible to the wider online world. Finally, shredding documents before discarding them mitigates the risk of someone finding and utilising personal information for nefarious purposes.
The fight against synthetic identity fraud hinges on awareness and education. Just as children are taught to be wary of crossing busy roads, adults must become increasingly aware of the risks associated with online identity theft. The web is as hazardous for the oblivious scroller as the real world is for the naive stroller.
References
1. https://kpmg.com/us/en/articles/2022/synthetic-identity-fraud.html
2. https://www.experian.com/blogs/insights/prevent-new-account-fraud
3. https://www.financierworldwide.com/the-rise-of-frankenstein-id-tackling-sif